[Bug 1556330] Re: upstream curl bug #1371: p12 client certificates code is broken

LocutusOfBorg costamagnagianfranco at yahoo.it
Sat Mar 12 16:26:11 UTC 2016 

1) go there https://launchpad.net/ubuntu/+source/curl
2) find the dsc link
3) dget -u https://launchpad.net/ubuntu/+archive/primary/+files/curl_7.35.0-1ubuntu2.6.dsc
4) wget your patch https://bugs.launchpad.net/ubuntu/+source/curl/+bug/1556330/+attachment/4596446/+files/libcurl_broken_pkcs12.patch
5) check if xenial is fixed (yes)
6) add-patch libcurl_broken_pkcs12.patch
7) explain changes in changelog
8) upload to ppa (dpkg-buildpackage -S -d && dput ppa:blah/blah-ppa filename_source.changes)
9) dput ubuntu filename_source.changes


I'm not a core-dev, so I can't do "9"
but I did instead:
10) debdiff curl_7.35.0-1ubuntu2.*.dsc > debdiff

and attached here

** Attachment added: "debdiff"
   https://bugs.launchpad.net/ubuntu/+source/curl/+bug/1556330/+attachment/4596928/+files/debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1556330

Title:
  upstream curl bug #1371: p12 client certificates code is broken

Status in curl package in Ubuntu:
  Fix Released
Status in curl source package in Trusty:
  Triaged

Bug description:
  [Impact]

  The bug makes it impossible to use PKCS#12 secure storage of client
  certificates and private keys with any affected Ubuntu releases. The
  fix is one line fixing a broken switch statement and was already
  tested against Ubuntu 14.04 LTS with a rebuilt curl package.

  This was fixed in upstream libcurl in the following bug:

  https://sourceforge.net/p/curl/bugs/1371/

  The bug fix consists of one missing break statement at the end of a
  case in a switch statement.

  I personally patched the bug using source code release
  curl_7.35.0-1ubuntu2.6.dsc, used in Ubuntu 14.04 LTS, and verified it
  does indeed fix the bug and all of the package's tests still pass
  afterwards.

  [Test Case]

  The bug can be reproduced using the following libcurl parameters (even
  via CLI, pycurl, etc.).

  CURLOPT_SSLCERTTYPE == "P12"
  CURLOPT_SSLCERT = path to PKCS#12
  CURLOPT_SSLKEY = path to PKCS#12
  CURLOPT_SSLKEYPASSWD = key for PKCS#12 if needed

  Basically, just use a PKCS#12 format client certificate and private
  key against some certificate protected web server.

  [Regression Potential]

  If it could possibly break anything, which is extraordinarily
  unlikely, it would break one of the three client certificate formats
  (most likely PKCS#12 but also PEM or DER). Note 1/3 formats is already
  broken due to the bug. Client certificates of all three types could be
  checked to prevent this.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/curl/+bug/1556330/+subscriptions

More information about the Ubuntu-sponsors mailing list